Implement Direct Inward System Access (DISA) in VoIP Environment

Answered Question
Apr 6th, 2007

Hi,

May I know, is it possible to implement DISA calls in a VoIP environment? If yes, how can we do it? Is it some configuration on the CE router at SRST sites or the CE router at main sites? Also, can you give me information on how to implement it?

As I understand it, DISA (Direct Inward System Access) allows someone calling in from outside the telephone switch (PBX) to obtain an "internal" system dial tone and dial calls as if from one of the extensions attached to the telephone switch. Frequently the user calls a DISA number, which invokes the DISA application. The DISA application in turn requires the user to enter his passcode, followed by the pound sign (#). If the passcode is correct, the user will hear a dial tone on which a call may be placed.

Please advise me as soon as possible.

Thanks in advance

Rgds,

Izazi Zainy

Correct Answer by pacameron about 9 years 8 months ago (posted Sat, 04/07/2007 - 05:07)

Giving users access to system dial tone via DISA is a security hole on PBXs and VoIP systems, so be careful how you use it. The following note describes how to use a TCL script and audio prompts to allow a user to call in and authenticate via an account number and PIN before they can dial an internal number. This will allow basic DISA-type functions on an H323 gateway. Obviously you would also want to log the details of who made the call and when they made it, so syslog VoIP accounting is enabled to send a CDR to a syslog server.

We use a TCL script that is built into IOS called 'clid_authen_collect'. This script authenticates the call with the ANI (calling number) and DNIS (called number) of the incoming call, or if this fails, it then prompts the user to enter an account number and then a PIN. Since the call is coming in on an FXO (or FXS) port, there is no associated ANI and DNIS, so the script immediately prompts the user for the account number and PIN. We do the authentication by a local 'username XXX password YYY' command in the router config. The user keys in the account code and PIN (they can use the # as a string terminator to speed the process up), and if the values entered match a local username and password, it then prompts the user to enter the actual destination telephone number.

I have also enabled syslog accounting for call detail records, so when the call completes you get a basic record of the called number and durations. If they wanted to use a full-blown AAA server, they could run the authentication from this and this way keep a full log of all users calling in, and it would also log the CDRs for billing, etc.

The router needs the following audio .AU files on the flash memory:

    Test#sh flash

    System flash directory:
    File  Length    Name/status
      1   14097360  c2600-is-mz.122-11.T.bin
      2   14150     enter_account.au
      3   14869     auth_fail_retry.au
      4   11510     enter_pin.au
      5   52644     enter_destination.au
    [14190860 bytes used, 2062068 available, 16252928 total]
    16384K bytes of processor board System flash (Read/Write)

    Test#

(obviously needs the IOS image but the important files are the audio prompts)

The .au files are the audio prompts that the IVR plays. These are in Sun/Next audio 64Kbps G711ulaw audio format. Use an audio editor to create the files and save them in this format.

When a call comes in on FXO port 1/0/0, you will hear a prompt to enter the account code. Key in the account number, followed by a #, then key in the PIN, followed by #. The caller will be prompted to enter the destination phone number, and this is matched on any subsequent VoIP or POTS dial peers.

Configured user account numbers/passwords are 1000/1000 and 1001/1001

Refer to the attachment for the full router configs. Hope this helps.
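
Added example (not part of pacameron's post or the attached configs): since the DISA account number and PIN are ordinary local 'username XXX password YYY' entries, a short Python audit of the router config can flag credentials that are easy to guess from a phone keypad, such as a PIN equal to its account number. The sample config is constructed (only the 1000 and 1001 accounts come from the post), and the minimum PIN length of 6 is an assumed policy value.

```python
import re

# Local-account form named in the answer: username XXX password YYY.
# An optional "0" (cleartext type marker) before the secret is tolerated.
USER_RE = re.compile(r"^\s*username\s+(\S+)\s+password\s+(?:0\s+)?(\S+)\s*$")
MIN_PIN_LEN = 6  # assumed policy threshold, not taken from the post

# Constructed sample; only the 1000 and 1001 accounts come from the post.
SAMPLE_CONFIG = """\
hostname Test
username 1000 password 1000
username 1001 password 1001
username 2417 password 0 583920
username 3300 password 123456
username admin password s3cret
"""

def parse_accounts(config_text):
    """Return (account, pin) pairs from 'username X password Y' lines."""
    matches = (USER_RE.match(line) for line in config_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def is_trivial(pin):
    """True for one repeated digit (0000) or a straight run (1234, 4321)."""
    if len(set(pin)) == 1:
        return True
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def audit(config_text):
    """Map each account to the list of weaknesses found in its PIN."""
    findings = {}
    for account, pin in parse_accounts(config_text):
        if not (account.isdigit() and pin.isdigit()):
            findings[account] = ["not-keypad-digits"]  # cannot be entered as DTMF
            continue
        issues = []
        if pin == account:
            issues.append("pin-equals-account")
        if len(pin) < MIN_PIN_LEN:
            issues.append("short-pin")
        if is_trivial(pin):
            issues.append("trivial-pattern")
        findings[account] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_CONFIG).items():
        print(account, ", ".join(issues) or "ok")
```

Entries stored in encrypted form are skipped by the parser, because the PIN cannot be inspected from the config text alone.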

Paolo Bevilacqua Sat, 04/07/2007 - 10:15

Great info pacameron, I was about to write to suggest the same, but as I'm usually too scarce on words you did a much much better job, so I rated your post a '5'!

Tommer Catlin Tue, 04/10/2007 - 09:44

You can also use IPCC Express for this. I have built a script that works similarly.

mwadam Sat, 12/15/2007 - 11:25

I would be interested in your script also. It would be much more simple than implementing the new Voice Mobility option to gain DISA functionality.

Thanks!!!

Adam

madhusudhan.s Thu, 01/24/2008 - 06:22

Is it possible to share the script? We have a similar requirement.

mwadam Thu, 01/24/2008 - 06:34

I never received anything from the previous post, so I created my own script. Let me know if you are interested.

RSwartzmiller Wed, 02/06/2008 - 11:47

I would be interested in your script. Could you please send me a copy?

Thanks in advance

agonza07 Wed, 02/20/2008 - 19:25

I actually modified a TCL IVR script to do a simple PIN check, but I'm very new at this and was wondering if anyone knew how I can pass a parameter from the CLI to set the PIN. The way I will have to do it with this script is to upload a new script every time I have to change the PIN.

Thanks.

yenlung Fri, 03/28/2008 - 02:43

Just came across this page; I would give it a thumbs up.

However, how can I use a PRI interface instead of FXO?

If a user calls that particular number, then it will be used as a voice forwarder...

Kindly assist.
